[These notes come from Bob Cottrell at pe.net. Thanks Bob!
Bob is running Solaris 9 on Suns,
but this should apply to other Posix installs including Linux
or BSD with only relatively minor differences.
Note that you can and probably should add your other RBLs
and serve them up locally too. Additional notes at end. -- Jeff C.]
How to setup a local RBL mirror
Download, compile and install the latest rbldnsd and rsync.
Create a directory where you will store the zone files:
$ mkdir /usr/local/etc/rbldnsd
In this directory I also created 2 scripts:
rbldnsd.cron:
#!/bin/sh
/usr/local/bin/rsync -tq some_rsync_server::surbl/*.rbldnsd /usr/local/etc/rbldnsd/
/usr/local/bin/rsync -tq other_rsync_server::dsbl/rbldns-list.dsbl.org /usr/local/etc/rbldnsd/rbldns-list.dsbl.org
(Note: there is a dot between "rbldnsd" and ">" to denote the current
directory, and you'll replace some_rsync_server with the
actual rsync server name provided when you are granted access.)
I have this cron'd to execute every 30 minutes:
10,40 * * * * /usr/local/etc/rbldnsd/rbldnsd.cron
and
S87rbldnsd: (to be linked into /etc/rc2.d)
#!/bin/sh
#
# /etc/rc2.d/S87rbldnsd
PATH=$PATH:/usr/bin:/usr/local/sbin
case "$1" in
'start')
if [ -x /usr/local/sbin/rbldnsd ]
then
/usr/local/sbin/rbldnsd -u named -b 10.11.12.13/53 \
-w /usr/local/etc/rbldnsd \
sc.surbl.org:dnset:sc.surbl.org.rbldnsd \
ws.surbl.org:dnset:ws.surbl.org.rbldnsd \
be.surbl.org:dnset:be.surbl.org.rbldnsd \
ob.surbl.org:dnset:ob.surbl.org.rbldnsd \
ab.surbl.org:dnset:ab.surbl.org.rbldnsd \
multi.surbl.org:dnset:multi.surbl.org.rbldnsd \
list.dsbl.org:ip4set:rbldns-list.dsbl.org
fi
;;
'stop')
/usr/bin/pkill rbldnsd
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
Then fill out our rsync request form to request access to the SURBL zone files.
Please let us know the IP address you will be rsyncing
from and the approximate number of incoming messages processed per day.
Once access has been granted, start up the cron job, and make sure that
the files were transferred.
It should look something like this:
$ cd /usr/local/etc/rbldnsd
$ ls -l
total 1000
-rwxr-xr-x 1 named other 499 May 3 16:43 S87rbldnsd*
-rw-r--r-- 1 named other 105817 May 3 18:10 be.surbl.org.rbldnsd
-rwxr-xr-x 1 named other 132 May 3 16:03 rbldnsd.cron*
-rw-r--r-- 1 named other 8373 May 3 18:10 sc.surbl.org.rbldnsd
-rw-r--r-- 1 named other 178488 May 3 18:10 ws.surbl.org.rbldnsd
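A pre-flight check to go with the cron job and the start script, added here as an example and not part of Bob's setup. It takes the same zone:type:file specs that are passed to rbldnsd and reports any data file that is missing, empty or older than a chosen number of minutes; because the cron job runs rsync with -q, a failed transfer is otherwise silent and rbldnsd just keeps serving whatever it last loaded. The function name, the 90-minute threshold and the sample files are assumptions.

```shell
#!/bin/sh
# check_zone_specs DIR MAX_AGE_MINUTES SPEC...
#   DIR   directory given to rbldnsd -w (the page uses /usr/local/etc/rbldnsd)
#   SPEC  zone:type:file, e.g. sc.surbl.org:dnset:sc.surbl.org.rbldnsd
# Prints one line per spec; returns 0 only if every file is present,
# non-empty and modified within the last MAX_AGE_MINUTES.
# (Constructed helper for this example, not part of rbldnsd or the page.)
check_zone_specs() {
    dir=$1; max_age=$2; shift 2
    rc=0
    for spec in "$@"; do
        zone=${spec%%:*}          # text before the first ':' (zone name)
        file=${spec##*:}          # text after the last ':' (data file)
        path="$dir/$file"
        if [ ! -f "$path" ]; then
            echo "MISSING $zone ($file)"; rc=1
        elif [ ! -s "$path" ]; then
            echo "EMPTY   $zone ($file)"; rc=1
        elif [ -n "$(find "$path" -mmin +"$max_age")" ]; then
            # find prints the path only when its mtime is older than max_age minutes
            echo "STALE   $zone ($file) older than ${max_age}m"; rc=1
        else
            echo "ok      $zone ($file)"
        fi
    done
    return $rc
}

# Example call with the page's zone list; 90 minutes means three missed
# runs of the 30-minute cron job before anything is flagged:
#   check_zone_specs /usr/local/etc/rbldnsd 90 \
#       sc.surbl.org:dnset:sc.surbl.org.rbldnsd \
#       ws.surbl.org:dnset:ws.surbl.org.rbldnsd \
#       list.dsbl.org:ip4set:rbldns-list.dsbl.org || echo "zone files need attention"
```

Run it from rbldnsd.cron after the rsync calls, or from the start script before launching rbldnsd, so a stale mirror is noticed rather than silently served.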
Now go ahead and startup the rbldnsd daemon:
# cd /etc/rc2.d
# ln -s /usr/local/etc/rbldnsd/S87rbldnsd
# ./S87rbldnsd start
rbldnsd: listening on 10.11.12.13/53
rbldnsd: dnset:sc.surbl.org.rbldnsd,: 20040504 010002: e/w=487/0
rbldnsd: dnset:ws.surbl.org.rbldnsd: 20040504 010002: e/w=10952/0
rbldnsd: zones reloaded, time 0.10e/0.8u sec
rbldnsd: rbldnsd version 0.992 (7 Mar 2004) started (1 socket(s), 2 zone(s))
Now it's time to tell named to look at your server for the answers
for sc.surbl.org and ws.surbl.org.
Add the following lines to your named.conf file:
zone "sc.surbl.org" IN {
type forward;
forward first;
forwarders {
10.11.12.13;
};
};
zone "ws.surbl.org" IN {
type forward;
forward first;
forwarders {
10.11.12.13;
};
};
And restart named.
__
Editor's Notes:
- Another port forwarding style is to use 127.0.0.1 as the
address and a higher port number like 750, as in:
rbldnsd:
sc.surbl -r/var/named/surbl -t21600 -c60 -b127.0.0.1/750 \
sc.surbl.org:dnset:sc.surbl.org.rbldnsd \
ws.surbl -r/var/named/surbl -t21600 -c60 -b127.0.0.1/650 \
ws.surbl.org:dnset:ws.surbl.org.rbldnsd \
bind(9):
zone "sc.surbl.org" IN {
type forward;
forward first;
forwarders {
127.0.0.1 port 750;
};
};
zone "ws.surbl.org" IN {
type forward;
forward first;
forwarders {
127.0.0.1 port 650;
};
};
Either style works fine, though an alternate address and port 53 is
arguably less likely to conflict with other services.
- If you have the luxury of running a dedicated rbldnsd server or
can run it on a separately reachable IP address, you won't need port
forwarding. Just set it up to run on port 53 and you're set!
- It's no longer necessary to manually reload rbldnsd since by
default it will automatically check for and load any
changed zone files every 60 seconds.
This can be adjusted with the -c command line argument.
- You can and probably should request rsync access for other RBL
zone files you use, and configure rbldnsd to serve them locally also.
Doing so will improve your mail performance and
reduce DNS traffic to the public name servers.
- rbldnsd is much more memory efficient than BIND, even though it
keeps the zones fully in memory, and is significantly faster
than BIND. (Some reports mention 3x speed and 10x memory
improvements.) So it's definitely worth using rbldnsd for your RBL zones,
especially if you use some of the larger ones.
- Installing rbldnsd from the ports collection under FreeBSD creates a
startup file automatically. After configuring the zones and port forwarding,
and testing that it's serving up the rsynced zones correctly,
remember to add rbldnsd_enable="YES" to /etc/rc.conf
so that rbldnsd starts at boot time.
Other operating systems and tools will have their own methods for doing this.
- See also NJABL's tips for running rbldnsd and rsync (local copy).